USBank vs. Newegg – Card Declined

In June 2012, I tried to order a camera accessory for my sister’s birthday. She lives over 1000 miles away in Florida. Newegg declined the $50 order, even though I’d selected my usual billing address and credit card (on file with them!). I tried another card. Also declined. I checked with my card provider, USBank, and they reported no problems.

At this point, I called Newegg’s credit department, expecting an explanation and resolution. I said, “My billing address and credit card information is perfect. USBank says there’s no issue. Are you declining the order because I’m shipping a gift to a family member?” The customer service agent couldn’t comment on their fraud detection policies. I gave up and ordered the gift through Amazon: same credit card, no problems.

Sitting in my living room a few days later, I tried to login to Newegg from my wife’s laptop. I simply needed to lookup an old order. I was staring at our projector, and typing on an unfamiliar keyboard didn’t help my typing accuracy. Two wrong password attempts made me second guess myself. Then a third wrong attempt: Account locked!

I called Newegg expecting to quickly regain access to my 10+ year old account. The service agent said she’d have their fraud department look into the ban, and based on their decision, it would be usable again in 1-2 days. Newegg never followed up or restored the account even after I proposed, “So, you’re telling me to shop at Amazon?”

Fast forward to last night: I’d still been using our [separate] company account with Newegg to buy toner and office computer equipment, and decided it’s time to replace my five year old dinosaur of a PC…

Two minutes after placing a $1287.50 order, Newegg sends an email to the company, “Payment Authorization Failed”:

We regret to inform you that your Newegg.com order (Sales Order Number: ##########) cannot be processed at this time. Unfortunately, the payment authorization on your VISA has failed. This failed authorization may have resulted from an invalid card number, incorrect expiration date, insufficient funds or exceeding a daily limit.

Again?! This is the same USBank Visa we’ve used to place Newegg orders all year! The company has a high spending limit on this particular card and we regularly charge large material and equipment purchases to the same card. All billing, shipping, and card information I’d provided was 100% correct, accurate, and legitimate.

So I call USBank again. The rep says, “Oh, Newegg? They’re one of the biggest sources of fraud we deal with. We automatically decline large orders.” He went on to mention that he and his wife recently spotted a fraudulent $3500 charge from Newegg on their own USBank Visa–and they don’t even have a Newegg account.

He kindly transfers me to 2nd level support. After re-answering all security questions and explaining that we really do want to charge $1287 to our Visa, Mr. Level-Two says, “Okay, can you try to re-submit the order at Newegg? It should go through this time.” Newegg instantly declined the card a second time.

He says, “Hm, I’m going to transfer you to the next level support. They’ll be able to help.”

At level three, I answer security questions for the third time, then ask Darleen if she really has the magical powers necessary to authorize my legitmate company purchase. She says she does. I re-enter my card at Newegg and the order finally goes through.

Online Credit Card Processing is Broken

My company has processed a few thousand credit card orders in the past quarter, with 0 chargebacks. We cater to a niche market, so fraud isn’t common through our online store. Yet, we observe 5+ declined credit cards each day. The majority of these customers have made a small typo, or can’t remember if they’ve updated their billing address after moving to a new home/apartment. In all but a few rare cases, our customers’ declined cards are false positives!

Trading Buying Freedom for Security

Searches for declined credit cards turn up similar stores like my own:

To stop fraud, we need to stop allowing purchases to be made solely with the information that appears on the card because this is not secret information; it is basic information about an account. This is not something that merchants can fix alone. Merchants already have to foot the bill for chargebacks, and PCI standards are really just an attempt to make merchants responsible for maintaining the security of what is, at its core, a payment system that broke in the 1990s. CVN didn’t work–10 years later, we still have to explain to consumers where the number is because the card associations have not spent enough effort educating the public and, quite frankly, they don’t care. To use a credit card, anywhere, you should have to swipe it (PCI is still relevant in this scenario). Period.

From a merchant’s perspective, I couldn’t agree more. Credit card security is a disaster. Declined purchases are even more frustrating to legitimate buyers.

Fixing Online Purchasing Security

PayPal intended to fix online security. But have they succeeded after 14 years in operation? Only somewhat. Just 40% of our customers choose to pay via PayPal. That’s a strong percentage, but credit cards remain dominant and many customers consider their plastic cards safer. And let’s face it: PayPal is an online extension of the existing, broken banking and credit card infrastructure.

It’s clear that credit card security must be fixed at the banking level. Getting banks to dump resources into fixing credit cards–that’s a huge challenge.

Credit Card Authorization via SMS

Credit cards are the 21st century cash (although, with hidden swipe fees…a rant for another time). For now, I propose a simple solution to restore security and convenience: Allow credit card holders to opt-in to fraud alerts via text messaging. If a bank determines a charge to be fraudulent, send a text message to the cardholder, something like this:

If someone has hijacked my credit card, billing address, and cell phone, my identity has already been stolen. Might as well let fraud occur at that point.

It’s not a perfect fix. Not everyone has a text messaging plan, hence the opt-in. And adding a user prompt via SMS into the credit card authorization routine will complicate processing for the bank, and may still require a second processing attempt for successful authortization. It’s a start.

Ultimately, it’s time to replace credit cards with a new form of payment.